This Privacy Policy explains how Jilas ("Jilas", the "App", "we", "us", or "our") collects, uses, stores, shares, and protects personal information when you use the Jilas point-of-sale application for restaurants (Android, iOS, and web) and its related back-office services.
Operator: JordyHers.org, Märkische Allee 316A, 12487 Berlin, Germany. Contact: at.jh925@gmail.com.
- Who this policy applies to
- What personal information we collect
- Camera access
- How we use your information
- Legal bases (GDPR)
- Firebase & third-party processors
- AI features
- How we share information
- Advertising, tracking & CAPTCHA
- Data retention
- Security
- International data transfers
- Your privacy rights
- Children's privacy
- Changes to this policy
- Contact us
1. Who this policy applies to
This policy applies to two groups of people:
- Restaurant staff and account holders — owners, managers, servers, and kitchen staff who sign in to operate Jilas.
- Customers of the restaurant — diners whose order, payment, or contact details may be entered into Jilas by restaurant staff (for example to take an order or issue a receipt).
Where a restaurant uses Jilas to process its own customers' data, the restaurant is the data controller for that data and Jilas acts as a data processor on the restaurant's behalf.
2. What personal information we collect
2.1 Information you provide directly
| Category | Examples | Why |
|---|---|---|
| Email address | The address used to create or sign in to your account. | Account creation, authentication, account recovery, and service notices. |
| First name and last name | The name shown on your staff profile. | Identifying staff within a restaurant and attributing actions (e.g. who took an order). |
| Phone number | A contact number tied to your account or to a customer order. | Account contact, order/customer contact, and operational communication. |
| Photos you capture | Images taken with your device camera or chosen from your gallery. | Attaching images to items, receipts, or records inside the App (see Section 3). |
| Operational content | Orders, menu items, prices, tables, payments, and notes you enter. | Running the point-of-sale and producing reports for the restaurant. |
2.2 Information collected automatically
When you use Jilas, certain technical information is collected automatically through Google Firebase (see Section 6):
| Category | What it includes |
|---|---|
| Account & authentication data | A unique user ID, sign-in timestamps, and authentication tokens managed by Firebase Authentication. |
| Device & install identifiers | A stable installation ID generated by Firebase Installations, used to manage updates and messaging. |
| Push notification tokens | A registration token issued by Firebase Cloud Messaging so the App can receive notifications. |
| Diagnostic & crash data | Crash reports, error logs, device model, operating-system version, and app version collected via Firebase Crashlytics and our logging to help us fix faults. |
| Usage & analytics data | Aggregated, non-advertising analytics about how features are used, collected via Firebase, to improve the App. |
We do not knowingly collect government identifiers, biometric data, precise GPS location, health data, or special-category data through Jilas.
3. Camera access
Jilas can request access to your device's camera so you can take photos within the App (for example, to attach an image). Camera access is used only when you actively choose to capture an image.
- The camera is never accessed in the background.
- We do not record video or audio, and we do not perform facial recognition.
- On the first use, your device asks for permission. You can withdraw it at any time in your device's system settings; the rest of the App keeps working without camera features.
- Photos you capture are stored as part of your restaurant's records in Firebase Storage and are treated as operational content (Section 2.1).
4. How we use your information
- To create and secure your account and authenticate sign-ins.
- To operate the point-of-sale: orders, payments, tables, menus, and receipts.
- To send operational notifications (e.g. order or kitchen updates) via push messaging.
- To attach and store photos you choose to capture.
- To diagnose crashes, fix bugs, and improve reliability and performance.
- To understand aggregated feature usage and improve the product.
- To communicate with you about the service, security, and important changes.
- To comply with legal, tax, and accounting obligations, and to enforce our terms.
We do not use your personal information for advertising profiling, and we do not sell it.
5. Legal bases for processing (GDPR / UK GDPR)
If you are in the European Economic Area or the UK, we rely on:
- Contract — to provide the App and your account.
- Legitimate interests — to secure, maintain, debug, and improve the service.
- Consent — for device camera access and any optional features; you may withdraw consent at any time.
- Legal obligation — to meet tax, accounting, and other statutory duties.
6. Firebase & third-party processors
Jilas is built on Google Firebase (a Google service). Firebase processes data on our behalf under Google's terms and the Google Cloud / Firebase Data Processing Addendum. The Firebase services we use are:
| Service | Purpose | Data involved |
|---|---|---|
| Firebase Authentication | Sign-in & account security | Email, user ID, auth tokens |
| Cloud Firestore | Storing operational records | Names, phone numbers, orders, payments, notes |
| Cloud Functions | Server-side logic & logging | Request data, diagnostic logs |
| Firebase Storage | Storing files & photos | Images you capture or upload |
| Firebase Cloud Messaging | Push notifications | Device push tokens |
| Firebase Installations | Stable install identity | Installation ID |
| Firebase Crashlytics | Crash & error reporting | Crash logs, device & OS info, app version |
| Firebase Analytics | Aggregated usage analytics | Non-advertising usage events |
| Firebase Performance Monitoring | App speed & stability metrics | App start/screen/network timings, coarse device & OS info |
Google's handling of this data is described in Google's Firebase Privacy and Google Privacy Policy.
7. AI features
Jilas includes optional, owner-facing AI assistance — for example summarizing customer feedback, projecting revenue from past sales, flagging menu/pricing inconsistencies, an in-app help assistant, and matching a reservation to an open table. These features are processed by Google Cloud Vertex AI (the Gemini model family) as our sub-processor, on Google Cloud infrastructure.
7.1 What the AI processes
- Operational business data — aggregated sales and revenue figures, star ratings and free-text feedback comments, menu items and prices, and reservation details — sent only when an owner or manager runs the corresponding feature.
- Exact monetary figures are computed by Jilas itself; the model is used to summarize, rank, and phrase the result. It runs server-side (in our Cloud Functions), not on your device.
7.2 How we protect it
- Your data is not used to train AI models. Under the Google Cloud / Vertex AI terms, prompts and responses are not used to train Google's foundation models.
- No fully-automated decisions. AI output is assistive and advisory only — it can be incomplete or inaccurate, and a person always makes the final decision. We do not use it for automated decisions that produce legal or similarly significant effects (Art. 22 GDPR).
- AI processing may occur on servers outside your country, including the United States, under the safeguards described in Section 12.
- Do not enter sensitive personal data into free-text fields (such as feedback or notes) that you would not want processed by these features.
Google's handling of Vertex AI data is described in the Google Cloud Service Terms and Google Privacy Policy.
8. How we share information
We share personal information only as needed to run the service:
- With Google Firebase, our infrastructure processor (Section 6).
- With Google Cloud Vertex AI, our AI processor for the features in Section 7.
- With Google reCAPTCHA, for abuse/fraud protection (Section 9).
- Within your restaurant, with authorized staff, according to their role and permissions.
- For legal reasons, when required by law, regulation, or valid legal process.
- In a business transfer, if the service is merged, acquired, or reorganized, subject to this policy.
We do not sell or rent personal information, and we do not share it with advertisers.
9. Advertising, tracking & CAPTCHA
- No advertising. Jilas does not display ads and contains no advertising SDKs.
- No advertising tracking. We do not build advertising profiles or share data with ad networks.
- CAPTCHA (abuse protection). Jilas uses Google reCAPTCHA v3 to protect sign-in and other sensitive actions from automated abuse and fraud. reCAPTCHA v3 runs invisibly (no puzzles) and assesses traffic with a risk score; to do so Google collects device and usage signals (such as hardware/software information and interaction data) and processes them under the Google Privacy Policy and Google Terms of Service. We use it solely for security — not for advertising.
- Analytics only. The only analytics used is Firebase, for aggregated product improvement — not advertising.
10. Data retention
We keep personal information for as long as your account is active and as needed to provide the service. Operational records (orders, payments, receipts) may be retained longer where required for tax and accounting law. Crash and diagnostic data is retained for a limited period for debugging. When data is no longer needed, we delete or anonymize it.
Under German tax and commercial law (§ 147 AO, § 257 HGB), accounting-relevant records are retained for up to 10 years.
11. Security
We protect data with encryption in transit, access controls, role-based permissions, and Firebase Security Rules that restrict each restaurant's data to its own authorized users. No method of transmission or storage is completely secure, but we work to protect your information and to address vulnerabilities promptly.
12. International data transfers
Firebase may process and store data on servers located outside your country, including in the United States. Where required, such transfers are covered by appropriate safeguards such as the European Commission's Standard Contractual Clauses under Google's Data Processing Addendum.
13. Your privacy rights
Depending on where you live, you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate or incomplete information.
- Delete your information ("right to be forgotten").
- Restrict or object to certain processing.
- Receive your data in a portable format.
- Withdraw consent (e.g. camera access) at any time.
- Lodge a complaint with your data protection authority.
To exercise any of these rights, contact us at at.jh925@gmail.com. If your data was entered by a restaurant using Jilas, we may direct your request to that restaurant as the controller.
California (CCPA/CPRA): We do not sell or share personal information as those terms are defined under California law. California residents have the right to know, delete, correct, and to not be discriminated against for exercising these rights.
14. Children's privacy
Jilas is a business tool intended for restaurant operators and staff. It is not directed to children, and we do not knowingly collect personal information from children under 16. If you believe a child has provided us data, contact us and we will delete it.
15. Changes to this policy
We may update this policy from time to time. We will revise the "Last updated" date above and, where appropriate, notify you in the App. Your continued use after changes take effect means you accept the updated policy.
16. Contact us
For questions or requests about this policy or your personal information:
JordyHers.org
Märkische Allee 316A, 12487 Berlin, Germany
Email: at.jh925@gmail.com